7f91e1e0839c047b1cbfb65f84d444dac70d3cd16f8e4f06ed7278bfe6212571

Analysis

max time kernel
320s
max time network
558s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
17/03/2025, 05:19

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Dolphin.ini
Size

50B
MD5

c65f0a827d3445544eb211f91f034c40
SHA1

05fa6235b93939cbe7324d3df7333d5c5dbe7e49
SHA256

7f91e1e0839c047b1cbfb65f84d444dac70d3cd16f8e4f06ed7278bfe6212571
SHA512

63abc244862ed06c9f67b009b6c25994686cea8b7504112c46c4214843aa4a4b74a974e7279248f0e8f17a4b9b3cde54d4ee4345e422627e7895c9796c4824e0

Score

9^/10

aspackv2 defense_evasion discovery execution impact macro ransomware xlm

Malware Config

Signatures

Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Disables Task Manager via registry modification
defense_evasion

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2940	NetSh.exe

Suspicious Office macro 1 IoCs

Office document equipped with 4.0 macros.

macro xlm

resource	yara_rule
behavioral1/files/0x000500000001d6da-1551.dat	office_xlm_macros

ASPack v2.12-2.42 5 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000500000001d9ef-1135.dat	aspack_v212_v242
behavioral1/files/0x000500000001da05-1146.dat	aspack_v212_v242
behavioral1/files/0x000500000001da03-1154.dat	aspack_v212_v242
behavioral1/files/0x000500000001d9ff-1165.dat	aspack_v212_v242
behavioral1/files/0x000500000001d9fb-1182.dat	aspack_v212_v242

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000200000000f731-1305.dat	autoit_exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Interacts with shadow copies 3 TTPs 3 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
764	vssadmin.exe
2628	vssadmin.exe
1948	vssadmin.exe

Kills process with taskkill 2 IoCs

defense_evasion

pid	Process
2480	taskkill.exe
296	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1780	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2352	2396	chrome.exe	32
PID 2396 wrote to memory of 2352	2396	chrome.exe	32
PID 2396 wrote to memory of 2352	2396	chrome.exe	32
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2788	2396	chrome.exe	34
PID 2396 wrote to memory of 2908	2396	chrome.exe	35
PID 2396 wrote to memory of 2908	2396	chrome.exe	35
PID 2396 wrote to memory of 2908	2396	chrome.exe	35
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36
PID 2396 wrote to memory of 2968	2396	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\Dolphin.ini
1⤵
- Opens file in notepad (likely ransom note)
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6739758,0x7fef6739768,0x7fef6739778
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2188 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1588 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3460 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1804
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f9e7688,0x13f9e7698,0x13f9e76a8
    3⤵
    PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3792 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3956 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2160 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2596 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2460 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2400 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3404 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 --field-trial-handle=1284,i,674722568332006391,1199558565089808953,131072 /prefetch:8
  2⤵
  PID:2696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484
1⤵
PID:2084

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Trololo.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Trololo.exe"
1⤵
PID:772
- C:\Windows\system32\taskkill.exe
  taskkill.exe /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:2480
- C:\Windows\system32\taskkill.exe
  taskkill.exe /f /im taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:296

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2432
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\WindowsUpdate.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\WindowsUpdate.exe"
  2⤵
  PID:2588
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ScreenScrew.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ScreenScrew.exe"
  2⤵
  PID:2016
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
  2⤵
  PID:1220
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"
  2⤵
  PID:848
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe"
  2⤵
  PID:2452
- - C:\Windows\system32\vssadmin.exe
    vssadmin delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:1948
- - C:\Windows\system32\vssadmin.exe
    vssadmin delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:2628
- - C:\Windows\system32\vssadmin.exe
    vssadmin delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:764
- - C:\Windows\system32\NetSh.exe
    NetSh Advfirewall set allprofiles state off
    3⤵
    - Modifies Windows Firewall
    PID:2940
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedBoot.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedBoot.exe"
  2⤵
  PID:2784
- - C:\Users\Admin\35844656\protect.exe
    "C:\Users\Admin\35844656\protect.exe"
    3⤵
    PID:656
- - C:\Users\Admin\35844656\assembler.exe
    "C:\Users\Admin\35844656\assembler.exe" -f bin "C:\Users\Admin\35844656\boot.asm" -o "C:\Users\Admin\35844656\boot.bin"
    3⤵
    PID:2344
- - C:\Users\Admin\35844656\overwrite.exe
    "C:\Users\Admin\35844656\overwrite.exe" "C:\Users\Admin\35844656\boot.bin"
    3⤵
    PID:404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
1⤵
PID:2300

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1788

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2924

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Direct Volume Access

T1006

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\35844656\assembler.exe

Filesize
589KB

MD5
7e3cea1f686207563c8369f64ea28e5b

SHA1
a1736fd61555841396b0406d5c9ca55c4b6cdf41

SHA256
2a5305369edb9c2d7354b2f210e91129e4b8c546b0adf883951ea7bf7ee0f2b2

SHA512
4629bc32094bdb030e6c9be247068e7295599203284cb95921c98fcbe3ac60286670be7e5ee9f0374a4017286c7af9db211bd831e3ea871d31a509d7bbc1d6a3

Download Submit
C:\Users\Admin\35844656\boot.asm

Filesize
825B

MD5
def1219cfb1c0a899e5c4ea32fe29f70

SHA1
88aedde59832576480dfc7cd3ee6f54a132588a8

SHA256
91e74c438099172b057bedf693d877bd08677d5f2173763986be4974c0970581

SHA512
1e735d588cb1bb42324eaff1b9190ec6a8254f419d1ba4a13d03716ff5c102a335532b573a5befb08da90586e5670617066564ef9872f8c415b9a480836df423

Download Submit
C:\Users\Admin\35844656\boot.bin

Filesize
512B

MD5
90053233e561c8bf7a7b14eda0fa0e84

SHA1
16a7138387f7a3366b7da350c598f71de3e1cde2

SHA256
a760d8bc77ad8c0c839d4ef162ce44d5897af6fa84e0cc05ecc0747759ea76c2

SHA512
63fda509cd02fd9d1374435f95515bc74f1ca8a9650b87d2299f8eee3a1c5a41b1cb8a4e1360c75f876f1dae193fdf4a96eba244683308f34d64d7ce37af2bb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\495bd8a2-d3cd-43d1-ad52-bcf2bc65b4d3.tmp

Filesize
7KB

MD5
40ea5b1a35bd71f5f3eb9b2e053903b3

SHA1
2198502a4470260a2cea53467b7547836de73ea0

SHA256
b0dcc6614b3b2dc9e300a9d0c60054707d825de8d6e26b10c2bbc5d0a9f4b0bf

SHA512
09094683cd125edd9bfa0d897d201c7cecb21f57af2d091ed16fef3930d0998d0e2948ecfd02dca512fb6ebc786108f452c0401644d38273734a0f330d4ebf39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
25KB

MD5
3663069479015650d0846a3cdd49888e

SHA1
a6215df3e60a8c546d077a1fe32bddfd59095285

SHA256
622e986737ab05dc235708168dd91e349c3daf7156c3ea6c3113707c624d65b7

SHA512
bb82c91bb0270b058421f22b62a3dd622850b25955a3245c95ac5d721b8bd93cf6ab971f5078db1a1b1d1a7378c8a575bbfefca497e15e1d973680ffe0b595e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
71KB

MD5
20a5a164ba2dae0410b9b313e866cd90

SHA1
f54a317d3ec70e84cff1adc5539efe4e5d73bcf6

SHA256
9af9b0e7af47ffd8ad17c4eb49c00186b3d8f17991864c9d7d96b776693d6815

SHA512
5694424746d343340350cba7789f42a4ef1d0457a7815aa78fd9f20c541123ee5b525de86390f173963d70a2269cf8efe347f9cb56a80271456288617f62af39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
413KB

MD5
ec7fb9f2073beb5de8e21b449c094776

SHA1
6c5850801eb931745a0c949515053aae35a1a720

SHA256
7f901b7ced82a6f563ae31742b0dc7c43ff12b3e8de2e0bce262e0a15a948963

SHA512
8971fd8265272e5f0fc97d271a690680d0ea80a79ed8c98048c33a7ee49d9814eecc9a063ba7ae60d6651da2312bca5d911c46c09d07dbd862cc97b165624bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
78KB

MD5
db43452d2c1b4b7e544c44e9fd59406a

SHA1
88af01dd34bd9ea2e0930efe88ee5e6848cd0ec4

SHA256
b9ac64c121a1be0a056983721d9bd0f3134fd55a9654f93d1e25bc91f7a88408

SHA512
a38954a3d9c1e34de0e83b4577eebe4649c82dc9de9604fd78c90095e70a628c5677baa4bc208c866d7c55a8e28df2f6c7937cdcb0bcf520ad550388af28950c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
6ba63f840a104ffe561ad1fc8504ff5a

SHA1
f6e05a9cd4d5b2826027f58df390478e39222384

SHA256
ff6c190b6b2fbd0749f631c69f31747f2edac38f9d6a3249c8c2555c8c04d19a

SHA512
a3ec0a67a994a25975603857e1f85e164211682fd6cfd3979f698a543ee09fd868c39f43c505df9c21020a49b5ffdc078252717bfb18ca995601f12bdca07c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
5ac7748dbee14b1f7a06ad8541dba198

SHA1
7449501048beba0d1db4dba4e7edaaee725c280d

SHA256
c8a630d46c5d4b19d8eced35080d00bc5ed2ce89fe196551753b65f53ac99e35

SHA512
c9ec34072b421ab7473d4a6e94825297ee627fd37c7017b7bbc84c89e25db6e1be85d75b991727a3a8309378cddae6233ef8820306d6e9590c848966f55d3557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7886ad.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b133df2d24bbdcc5dcddf9f6651badab

SHA1
d5a62771dc6489dc26e8c6cfd7e1902abf0eeb2c

SHA256
e1508d926841d770084987ba84088ab759a70179307c402761c1d5c86ffab299

SHA512
c6fd7dd183218bc9c4b125de4803561d56c7ee7970c3a1ee2b0dcfddac9bdc202e5a09c8c6f8ec225224a27609688bec7d75495e87b1143e0c6ba1dc340badf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d2a92484b6eafd37dd19c95b9ab4029c

SHA1
578fe316ee2cc0651f13f8c82c50c12abb5859ac

SHA256
a8a8d31725c3564d070233677cb8e884e269897f2cc124b392d29c6d39b743da

SHA512
c4d6c214473890e7845f4ba90c5bafde326730574d1f7ddeb75a695f589293bde74151f2ad8520c8337b4f8ecc7bf96de54ccf8d60fb2231797d51b7c7fa7f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bec7bc4f0b5b02c0b94abd767413d51c

SHA1
8b2d54eee181e4d0479e5c081d5a8595cfffb740

SHA256
79c46c0dfef7c0680b7d80b8498caa7d733ed6c98577d3887554e959edefb206

SHA512
75996101f1f8a9cf9cdbf44a212efa694f0594bfe085bcce7ae033bb37dc8b15c12dcb7c68eee7162719d4b302a230dc00bcc8b45169f374c779ce8f15107f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8702a2c2b9ca94773ae330d9a2fd6cd7

SHA1
4b4809ba85b9a3bb71aff3c4cd78e980fc520ea1

SHA256
4bc81c4524429ac3625dc570c9c0a630a7c288c0fc8413f3ed4714c6809c2480

SHA512
16c38e97386b2ec97f05d61f69c8aa25b54b342f4223c25454f088777b646fa132f47e522c965ad1913bc9c73abc3f248aa5a21f2de694a46cb01c03933d9ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1008B

MD5
4dabfafe1c398fb0bc5a38e1c164394e

SHA1
4fdcbd3d4bbc46df267a898883f30b042c3b5226

SHA256
fb1aaac73393f56fe3d3fa1590198ddb59763ffca3d17a984798c5fd202b7e4d

SHA512
2fff64ee599183957aaaa19662e01f6723739ee404a0291954a38e80b3217ddd6b74315d6df9ee0345a65c83a07befb7cad5eea7f72f3926c9f5b49c63af8daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
abb54822d3a85bd5e3a9125e6fadded8

SHA1
3acb8de3ce3933e5dd4b2478d7e5ed7a86cd06af

SHA256
d374c5cc1eec224f138366a1c3000a8f4c30592ee0786c4a0a09cb38676e7fa0

SHA512
375749c85f2e1ca80747134d9c569e194f65de1e4c680ea684272b50de7cf7926a3d4b06011a1d87668f9dd18bec3f2d69a9be12687945e90d4e79620b2bb4f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1006B

MD5
38c81ed2d61aef1c0ad25f8140316e2e

SHA1
a713c46591abf044ebd640c5d6068da9743f805b

SHA256
6c47588eaef2aa7a5f61dff49b73c0d696947b80f5f1487a3c9873ebf0253fe0

SHA512
848ef03e624813d0080320b448b6ca2fb71731f1a2d1322fff067a1c1cdbc5fbff9624df46ecaa0ded222822418d66b82b0bb6cc80b2eb3dea8ec4b0120d76f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
913bd1fb38a8f732ee62f7edfbea1aa9

SHA1
3330f1f1bac9d34a718d09293c8d4d1dd36e9f4b

SHA256
86f6ef4a4d45cf4c4949e2e017c6112b63e05f49af1e06a6d52550f2fbf0bf59

SHA512
5b0b94a0d8da34192721e1ec4edeeb4bff462869d47015564bc1a1d759eb06613e84e486c4d900f17a1a93566f229b61ec58711ac3ac0a7a7f9676d1b3211a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1002B

MD5
a5aba861f87a8c48e7a1941eace38c90

SHA1
7651cde1b2bb92ceddf55eab15a4459b80a99498

SHA256
82810c6d8c8fb0b00a82f33a57e3dd52391470feb17b2e5bceac0274fd807ad7

SHA512
18e981977d7f8ee54fb80f548add024b3286701cb517d9f3c68d80ec784998232f83cbbca5944a821a15aced77dfbe92934a41ea680be1fb2418247476d39cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78c2805e795e80a448a9bdbcf13562ef

SHA1
e321d8803a99d67588563dc2eb87cb2b975b489d

SHA256
bb7435c76bd9c1ce84d2b5005b5a02c0aa3ed402555a888cc6c94496a9fbe9b0

SHA512
7fe73599fc58d8b9434aeb1d945d01ee36188c13199c2b65f160c9424f2beedd5d72d19e98229a78065509d2932059533ba431c4561c9e308211604639541963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d7528990-bcde-4d31-aff0-469b3427666f.tmp

Filesize
6KB

MD5
8c578507e685c62700ba3580d2dc9b09

SHA1
65cc3676df828dbca96058f49d7d6a688cb55ffd

SHA256
cc36c0fd8d70767f5c3b3e6e32db50cd4300c2d6e6e68eff2bf8e25258229c9a

SHA512
2eb6c777440638e8337caf65023f0dd5475d80d12c822ad116ec76bad689bddfbc91855dd8e64686b9a1f6c3be94f19cca0405a8fabf26d04a41304a26526633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a86f6babb36d7d9978af1fabd700989

SHA1
36adabf9d52b071dc50ab8aa608dc854ae769da2

SHA256
94496df01b08a77ffe7ea56641ed15f48346ef274e59727b209261be463be8dc

SHA512
f8e158b01510916e1ec4472ab038653c198f436aba70322a6c119f9931e4820cdd94c322771116aeff61a509e32a0c01c327023d6ad1ffdbdbe89fb412fddce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74ce29a4ba50e8d7e95f103cc2c52e62

SHA1
65419346ac8322ae4c681e6a1e11a478a0b7098a

SHA256
63224ae42face8573e96da4bcd24fb0ee93f85b586e5a5428da0ca9a4b203efa

SHA512
9ccff7d2cd20a56c5e5b2e97636d2e96a984c3fe0554cf0c99a918cc5d3693db4b58bd36aee91986d7ef6520da11c25db77034b4a14c67fdd18e821ec7979c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eb031edeb43ade4350936034a9b876e1

SHA1
2673a51629a36e6c2404fd24e317b2943fbde501

SHA256
24959c4ff6df651c49d6215f1d5eab947d8ace86dbacf8daa219f22af7e2e0ae

SHA512
fe50687250e05af56eaf872bff015bd8a7d936eab0d8093a68c3265c0f5f609ae29bad74475b1bcde71477538bdac8342de1b78f0e19c2115b89e40ab525c34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8055167bb5b09945f19aca5a87c559ff

SHA1
b734fb99357f9ac40d9871ca33b13405fc538040

SHA256
17a5f129da200f380109131d9ec8821d6e0936a751d270497ed949ddbc5255aa

SHA512
0791864651221e3a75b003fcb6fda3f2955048fa70162fb19894953c27287f14643abfa31c5f2def25c821e9e5686ceae62f1190efe2692a90c7bab1399830d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1e44a2ff2cd1124e503e99dd682a4593

SHA1
4a67cb93cb5abe27e410696865996f2f04602b7c

SHA256
5ca89b87998aad89e34f24143f449dff426fd7407151ec74c97a340979021a3a

SHA512
3a4872266a38b5e239b9cba5c55cfb84aeb01c442b620774f0e713f9509114b1f1332fe94067e8f07d664c7ac46fd11641568cb8d76f06e6f7fc7d2f97102f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fab71e2720e0c4d579341d79823096cf

SHA1
2e51f44c112821d6c17bc3297875d95d6d602387

SHA256
7421f73f4857bc68a438f53d3ebd071ae30d9be2cfc74a7727276f71573f56d1

SHA512
f9aee9d19e7339d29b53c4d9a366032d25fdb47ecdd8923d28a4358c6e6fa9b6d494cb9f7bacbd8888040c68d5037ece0bdd44d8b7843a4558b1b4c97605739f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
368KB

MD5
8deb1c4ee4e1f17893ddf2284dfec668

SHA1
70bc2989e515de29a9805bf04cb649150d32cdad

SHA256
514f034af92990fd4509a7f537e568fcf253f15930616bdb508b50405d5061ff

SHA512
1366f3c57c45ed3e2bb1aa2b8199c9297d2c5253291b205fa665b8de1fb2e9948bcdd68196811a31a65da7a053634ac401dd5229723c7883f0a2970a12383d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
368KB

MD5
9e9385d6e800ddeb9c8050134b96e6ff

SHA1
86f345ef3449af3da60bc5b0955b7d79e56dbfc1

SHA256
791badcf8abd40a4a86c899832528328bb6f165f66917b56ffe919b0ece64035

SHA512
6a91ffe1943330dd05d76f3cc0a8b5cba4503ac8760ad546f6b7ca636f7b0b66995359eac05ee7a3f5a95b6120bd43e42fa4b68fb49a87eda4c7aa196c9c2dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
377189e0ccd6c2954ee1091068ab8cee

SHA1
b8d4d43bee5476d79538e37d1bd53cb5fdf265c8

SHA256
cc77c488966987b737e819c81174b5069280c812dfdd11cc418fdc5b5664de19

SHA512
c2b69ce29fd90cb177fe7da27d415e6a4645c2408f84cefef01fb98e9e8cbab8e1fddb03eede07360a8585dd47d95ea78c33a3ea3a1c820994dc19fb6957a7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE0E4.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\Documents\EnterConvert.xlsm.RedEye.locked

Filesize
16B

MD5
553dda8f9d6b50d4b2087d9b908e5ac5

SHA1
b5f9dbf4646ab7aea0fdadd4ce6e528b96f5a57b

SHA256
8288480cd94c59fce9ac64396943716caf1d0d20b21e459fed07abc490117909

SHA512
5c9a0d9e19ef8cc5994957b947cf8a6b0cc3997ea7f0535bed223866d7ccd26622ac1a9e72d46802af81b30fb204f5b4d36ff96158afa5e13b7feab89e7c1eb4

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\Emotet.zip

Filesize
102KB

MD5
510f114800418d6b7bc60eebd1631730

SHA1
acb5bc4b83a7d383c161917d2de137fd6358aabd

SHA256
f62125428644746f081ca587ffa9449513dd786d793e83003c1f9607ca741c89

SHA512
6fe51c58a110599ea5d7f92b4b17bc2746876b4b5b504e73d339776f9dfa1c9154338d6793e8bf75b18f31eb677afd3e0c1bd33e40ac58e8520acbb39245af1a

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\Zloader.xlsm

Filesize
93KB

MD5
b36a0543b28f4ad61d0f64b729b2511b

SHA1
bf62dc338b1dd50a3f7410371bc3f2206350ebea

SHA256
90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c

SHA512
cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Botnets\FritzFrog\9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948

Filesize
8.6MB

MD5
4842d5cc29c97aa611fba5ca07b060a5

SHA1
f93772038406f28fa4ca1cfb23349193562414b2

SHA256
9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948

SHA512
cf1cb3f0291f3e0c3b47ff3ee9074b624e2d9781f9637d14ede0628ebb4b8b0fe13e16583f6a933a3e20872ec084dc812237f021757efe2a6d527a0a1723b5c8

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Botnets\FritzFrog\985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86

Filesize
8.7MB

MD5
c947363b50231882723bd6b07bc291ca

SHA1
7b9a425f09da9be5dda5facff18c5fd15eed253a

SHA256
985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86

SHA512
45f511f6fe78bba853789f85549c8ac591b7812e2fc969a13148bbd1112fa356f6a1ee88a22a907e7f62ef79a0d14d75681eecd2a17f027d105afd381f161184

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Botnets\FritzFrog\d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485

Filesize
8.7MB

MD5
aa55272ad8db954381a8eab889f087cf

SHA1
d7df26bf57530c0475247b0f3335e5d19d9cb30d

SHA256
d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485

SHA512
5590c039eb50708fe8fe417a5b5adf1d9019db0590dee119d0907bb588114bcbeb980c5ec7f3f77e85aefcbba76c1560e8b81069434ef5774ca60b1e28dbac20

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Browser Hijackers\BabylonToolbar.txt

Filesize
57B

MD5
2ab0eb54f6e9388131e13a53d2c2af6c

SHA1
f64663b25c9141b54fe4fad4ee39e148f6d7f50a

SHA256
d24eee3b220c71fced3227906b0feed755d2e2b39958dd8cd378123dde692426

SHA512
6b5048eeff122ae33194f3f6089418e3492118288038007d62cdd30a384c79874c0728a2098a29d8ce1a9f2b4ba5f9683b3f440f85196d50dc8bc1275a909260

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe

Filesize
50KB

MD5
47abd68080eee0ea1b95ae31968a3069

SHA1
ffbdf4b2224b92bd78779a7c5ac366ccb007c14d

SHA256
b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec

SHA512
c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Anap.a.exe

Filesize
16KB

MD5
0231c3a7d92ead1bad77819d5bda939d

SHA1
683523ae4b60ac43d62cac5dad05fd8b5b8b8ae0

SHA256
da1798c0a49b991fbda674f02007b0a3be4703e2b07ee540539db7e5bf983278

SHA512
e34af2a1bd8f17ddc994671db37b29728e933e62eded7aff93ab0194a813103cad9dba522388f9f67ba839196fb6ed54ce87e1bebcfd98957feb40b726a7e0c6

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe

Filesize
11KB

MD5
0fbf8022619ba56c545b20d172bf3b87

SHA1
752e5ce51f0cf9192b8fa1d28a7663b46e3577ff

SHA256
4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74

SHA512
e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Brontok.exe

Filesize
106KB

MD5
d7506150617460e34645025f1ca2c74b

SHA1
5e7d5daf73a72473795d591f831e8a2054947668

SHA256
941ebf1dc12321bbe430994a55f6e22a1b83cea2fa7d281484ea2dab06353112

SHA512
69e0bd07a8bdbfe066593cdd81acd530b3d12b21e637c1af511b8fee447831b8d822065c5a74a477fe6590962ceff8d64d83ae9c41efd930636921d4d6567f6f

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html

Filesize
12KB

MD5
bb7b91d1685db89b58ac01a72921e632

SHA1
4a1dd457983a7f1bbc7943eb5fca3da6d93d4176

SHA256
940a563df059604ac0dc6a92a845da2f04236b86887208b89969b70c6781c3f8

SHA512
09e26d197b22a4553e2e87a9ee0957700766c2dcd11157b5b71744d67abfa30d71d45c7bf1081bf9337527e3b8aabde99b09bd2bd30aa302329ebf480078307e

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Bugsoft.exe

Filesize
32KB

MD5
70f549ae7fafc425a4c5447293f04fdb

SHA1
af4b0ed0e0212aced62d40b24ad6861dbfd67b61

SHA256
96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29

SHA512
3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Duksten.exe

Filesize
9KB

MD5
900ebff3e658825f828ab95b30fad2e7

SHA1
7451f9aee3c4abc6ea6710dc83c3239a7c07173b

SHA256
caec6e664b3cff5717dd2efea8dcd8715abdcfe7f611456be7009771f22a8f50

SHA512
e325f3511722eee0658cfcf4ce30806279de322a22a89129a8883a630388ab326955923fa6228946440894bd2ef56d3e6dfda3973ea16cc6e463d058dd6e25ce

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Emin.js

Filesize
2KB

MD5
d9fd66a813b647e9461e654ba80db7bc

SHA1
075344db68a3b4bb3f549c0cb79c672aaed70b87

SHA256
3db96ebba9a6875bb058a3a2a4457165103f8ed51183cf4d79a525c959602499

SHA512
55eafa2716d45a629aadb1422dd240609faa9f55c7ec4488569e6fb15298a586b7ed5a95060329e76dd4b272edce8954ea18be5f238d4cac70fbf59a391bb09f

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Funsoul.exe

Filesize
44KB

MD5
a13a4db860d743a088ef7ab9bacb4dda

SHA1
8461cdeef23b6357468a7fb6e118b59273ed528c

SHA256
69ee59cee5a1d39739d935701cfa917f75787b29e0b9bda9ada9e2642ade434c

SHA512
52909b5fcbf00ef4025f6051ee1b8a933fc2a0bd7a292fe25fac708f358e7c96d6d31ba263d07128d56bc614fcbd053b2fa1249024a8138baf30da8ac5f54806

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Gruel.a.exe

Filesize
100KB

MD5
b0feccddd78039aed7f1d68dae4d73d3

SHA1
8fcffb3ae7af33b9b83af4c5acbb044f888eeabf

SHA256
5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6

SHA512
b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Happy99.exe

Filesize
9KB

MD5
02dd0eaa9649a11e55fa5467fa4b8ef8

SHA1
a4a945192cb730634168f79b6e4cd298dbe3d168

SHA256
4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18

SHA512
3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe

Filesize
248KB

MD5
20d2c71d6d9daf4499ffc4a5d164f1c3

SHA1
38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8

SHA256
3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d

SHA512
8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\CookieClickerHack.exe

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\CrazyNCS.exe

Filesize
122KB

MD5
d043ba91e42e0d9a68c9866f002e8a21

SHA1
e9f177e1c57db0a15d1dc6b3e6c866d38d85b17c

SHA256
6820c71df417e434c5ad26438c901c780fc5a80b28a466821b47d20b8424ef08

SHA512
3e9783646e652e9482b3e7648fb0a5f7c8b6c386bbc373d5670d750f6f99f6137b5501e21332411609cbcc0c20f829ab8705c2835e2756455f6754c9975ac6bd

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Curfun.exe

Filesize
138KB

MD5
0b3b2dff5503cb032acd11d232a3af55

SHA1
6efc31c1d67f70cf77c319199ac39f70d5a7fa95

SHA256
ef878461a149024f3065121ff4e165731ecabef1b94b0b3ed2eda010ad39202b

SHA512
484014d65875e706f7e5e5f54c2045d620e5cce5979bf7f37b45c613e6d948719c0b8e466df5d8908706133ce4c4b71a11b804417831c9dbaf72b6854231ea17

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Flasher.exe

Filesize
246KB

MD5
9254ca1da9ff8ad492ca5fa06ca181c6

SHA1
70fa62e6232eae52467d29cf1c1dacb8a7aeab90

SHA256
30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6

SHA512
a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe

Filesize
43KB

MD5
b2eca909a91e1946457a0b36eaf90930

SHA1
3200c4e4d0d4ece2b2aadb6939be59b91954bcfa

SHA256
0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c

SHA512
607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Launcher.exe

Filesize
197KB

MD5
7506eb94c661522aff09a5c96d6f182b

SHA1
329bbdb1f877942d55b53b1d48db56a458eb2310

SHA256
d5b962dfe37671b5134f0b741a662610b568c2b5374010ee92b5b7857d87872c

SHA512
d815a9391ef3d508b89fc221506b95f4c92d586ec38f26aec0f239750f34cf398eed3d818fa439f6aa6ed3b30f555a1903d93eeeec133b80849a4aa6685ec070

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Popup.exe

Filesize
373KB

MD5
9c3e9e30d51489a891513e8a14d931e4

SHA1
4e5a5898389eef8f464dee04a74f3b5c217b7176

SHA256
f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8

SHA512
bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ScreenScrew.exe

Filesize
111KB

MD5
e87a04c270f98bb6b5677cc789d1ad1d

SHA1
8c14cb338e23d4a82f6310d13b36729e543ff0ca

SHA256
e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

SHA512
8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Time.exe

Filesize
111KB

MD5
9d0d2fcb45b1ff9555711b47e0cd65e5

SHA1
958f29a99cbb135c92c5d1cdffb9462be35ee9fd

SHA256
dc476ae39effdd80399b6e36f1fde92c216a5bbdb6b8b2a7ecbe753e91e4c993

SHA512
8fd4ce4674cd52a3c925149945a7a50a139302be17f6ee3f30271ebe1aa6d92bcb15a017dca989cd837a5d23cd56eaacc6344dc7730234a4629186976c857ca9

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\README.md

Filesize
57B

MD5
da53941085b635d68bba6cfd5ec25b41

SHA1
3a1fad738f5576ad8eeebaaad7f85aea1110136c

SHA256
f14b23fe8a5835b3451b2c099ae01afc77aa8a84067621cc80b31fcb5b827a32

SHA512
c3f2be04c0c805260372174d57db68e94039a6657c7b2ddd8c71cf07c7bbfbb6b4065beb037956b574f413a268461d7a551109c9cd2fc39113d54b13e6637556

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\README.md.locked

Filesize
64B

MD5
3792da08f092afc9013da91a393f9aca

SHA1
c47a403c7a3b759cc7a986a2e414c741ff16ad7b

SHA256
5f91ccf626808781d5556268aa6af9332ef8856dc96b65be9a8888cdd70913d0

SHA512
fd2c77eebfd282d04bf9009aa084a570b748426d674bca77eb4d5207056e7f06c79d1c0087efde2a946d549257720d36314310db000322276eaeefac5bcbe1e1

Download Submit
\Users\Admin\35844656\overwrite.exe

Filesize
288KB

MD5
bc160318a6e8dadb664408fb539cd04b

SHA1
4b5eb324eebe3f84e623179a8e2c3743ccf32763

SHA256
f2bc5886b0f189976a367a69da8745bf66842f9bba89f8d208790db3dad0c7d2

SHA512
51bc090f2821c57d94cfe4399b1f372a68d2811ea0b87d1ac1d6cf8ae39b167038ac21c471b168f1d19c6b213762024abb7e9e5ca311b246b46af0888289e46c

Download Submit
\Users\Admin\35844656\protect.exe

Filesize
837KB

MD5
fd414666a5b2122c3d9e3e380cf225ed

SHA1
de139747b42a807efa8a2dcc1a8304f9a29b862d

SHA256
e61a8382f7293e40cb993ddcbcaa53a4e5f07a3d6b6a1bfe5377a1a74a8dcac6

SHA512
9ab2163d7deff29c202ed88dba36d5b28f6c67e647a0cadb3d03cc725796e19e5f298c04b1c8523d1d1ee4307e1a5d6f8156fa4021627d6ca1bbd0830695ae05

Download Submit
\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\DesktopBoom.exe

Filesize
1.1MB

MD5
f0a661d33aac3a3ce0c38c89bec52f89

SHA1
709d6465793675208f22f779f9e070ed31d81e61

SHA256
c20e78ce9028299d566684d35b1230d055e5ea0e9b94d0aff58f650e0468778a

SHA512
57cdb3c38f2e90d03e6dc1f9d8d1131d40d3919f390bb1783343c82465461319e70483dc3cd3efdbd9a62dfc88d74fc706f05d760ffd8506b16fd7686e414443

Download Submit
\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Melting.exe

Filesize
12KB

MD5
833619a4c9e8c808f092bf477af62618

SHA1
b4a0efa26f790e991cb17542c8e6aeb5030d1ebf

SHA256
92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76

SHA512
4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11

Download Submit
memory/404-1332-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/848-1243-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/848-1246-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2016-1258-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1241-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1239-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1770-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1273-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1266-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1247-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1244-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1262-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1277-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1549-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2016-1270-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2344-1322-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2432-858-0x0000000003650000-0x0000000003660000-memory.dmp

Filesize
64KB

Download
memory/2452-1276-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2588-1198-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads